High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-26	CVE-2018-16151	Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. network low complexity strongswan debian canonical CWE-347	7.5
2018-09-25	CVE-2018-14634	An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. local low complexity linux redhat canonical netapp	7.8
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5
2018-09-25	CVE-2018-14633	A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. network high complexity linux debian canonical redhat	7.0
2018-09-23	CVE-2018-17407	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. local low complexity tug canonical debian CWE-119	7.8
2018-09-22	CVE-2018-17336	Use of Externally-Controlled Format String vulnerability in multiple products UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. local low complexity freedesktop canonical CWE-134	7.8
2018-09-21	CVE-2018-14645	Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. network low complexity haproxy canonical redhat CWE-125	7.5
2018-09-19	CVE-2018-17205	Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. network low complexity openvswitch redhat canonical CWE-617	7.5
2018-09-19	CVE-2018-17183	Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. local low complexity debian canonical artifex redhat	7.8
2018-09-19	CVE-2018-17182	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 4.18.8. local low complexity linux canonical debian netapp CWE-416	7.8